The Latest Pawn in the Warranty Fraud Game? Fitbit Users


With great technology comes great responsibility. This is particularly true when it comes to protecting technology. And with more and more aspects of our lives becoming integrated with our tech, device security must be top of mind. Think about it: the way we bank, the way we work, and even the way we monitor our fitness has moved to our pocket screens. And in many cases, all that’s needed for access is a password.

That means all that stands between you and a cybercrime is a not-so-strong login. In fact, just this week, the problem of weak passwords played a strong role in the latest hacker ploy: a warranty fraud scheme aimed at Fitbit users.

It all began in Fitbit’s customer service department, which started seeing a large number of customer requests come in, demanding replacements for faulty devices. Usually, this would be indicative of some sort of manufacturing error. But Fitbit investigated further after observing data from customer accounts posted in bulk online.

Now, it turns out this wasn’t a security breach on Fitbit systems at all. Instead, attackers had gotten hold of users’ credentials and proceeded to change the emails and passwords associated with the compromised accounts. It gets worse: hackers posed as the customer behind each account in order to take advantage of the product warranty and rake in new, replacement devices.

So, how did the attackers get all these passwords to begin with?

Reports indicate the cause was two-fold: malware that infected customers’ computers and—you guessed it—users having the same password across different online accounts.

While it seems easier than keeping track of multiple logins, using a single password for everything potentially allows cybercriminals an unbelievable amount of access to personal information. The good news is there are password management solutions out there to help combat the problem of having to remember countless passwords. Still, many of us are creatures of habit, using one ‘master’ login for just about everything we do online.

In light of this wave of warranty fraud, Fitbit plans to implement further safeguards for their users, such as two-factor authentication. However, customers’ poor password habits can still leave the door open to hacks.

This recent scheme certainly serves as a reminder of just how critical strong, unique passwords are. To keep your private data online safe from being hijacked, here are a few best practices to keep in mind:

Use different passwords across all accounts. After reading through the above, this should go without saying. A complex password is a strong one: at least eight characters long, including numbers, symbols, and upper- and lowercase letters. If remembering multiple passwords isn’t your strong suit, remember that solutions like True Key can help make password management painless.

Report suspicious activity. If you notice suspicious activity in an online account, change your passwords immediately. If you find yourself locked out of an online account, notify the company. This will minimize damage to your account, and can also let the vendor investigate what could be a bigger issue.

Protect devices from malware. Even if your online accounts are locked down, a malicious attack could leave your device compromised. Use a comprehensive security solution, like McAfee LiveSafe™, to help protect your digital life.

gary

Categories: Consumer Threat Notices